Saturday, July 27, 2013

The 101 To Basic Hacking: How To Hack Facebook and Other Websites

The 101 To Basic Hacking: How To Hack Facebook and Other Websites

scared now 

People often ask me the question “How can I hack someone’s account”. There are many reasons why people want to hack into someone else’s Facebook or Email accounts such as:
  • They’ve been hacked by this person
  • They hate this person and what to get revenge
  • They want to spy and snoop on people
  • They want to delete an email they accidently sent to someone
  • They’re bored
  • They want to be a hacker
Hacking can be very easy, or it can be quite difficult, depending on whom your target is. You could get access to someone’s email account and Facebook account in less than 5 minutes or sometimes it could take a few days and a bit of effort.
In this post, I will tell you some steps you can perform to hack someone’s email account, hack someone’s Facebook account, or hack other online accounts such as Twitter, or LinkedIn. I’m not going to go into depth of each of these services, but tell you the general techniques you can use. The second part of this article will show you some tools in which you can learn  how to hack and take down websites.

Hacking Online Accounts

Hacking online accounts usually requires you to guess the targets password, or to try and their password for a particular service such as Facebook, Gmail, or Hotmail. Usually, if you can get into their email account, you can get into other services they have like their online banking accounts. So how can I break in?

Guess the Target’s Password

The first approach to do is to simply try to guess their password. So if you are trying to break into someone’s email account, go to Hotmail, Gmail (or their other email provider), and type their email address in for the username, and start guessing his or her password.
Here are a few common passwords you can try:
  • Common passwords such as:
  • Personal information such as:
    • Where they lived
    • Their name
    • Pet’s name
    • Street they live on
    • Girlfriend/boyfriend name
    • Data of birth
    • School/Uni
    • Place they work
    • Phone numbers
    • A favourite TV show
    • Favourite band
    • Favourite food
    • Best friend
    • Favourite character
    • Other passwords you know they have used
This list can go on and on and will probably take a few days to go through most of the common passwords as sites like Gmail and Hotmail will block you out after five or so invalid login attempts. Also, ensure you take into account capitalisation when entering passwords (excluding Facebook). If all else fails, and you give up, try the next option.

Forgot Password Link

Most people gain access to others people’s accounts through the forgot password link. By using this method, they will know someone has hacked their account, as they cannot log in because you have changed their password on them. So you only have until they reset their password (using the same method as you just did), or if you really hate them, you can change their secrete question, phone numbers or secondary email accounts answers so they can never log in again. However, with Facebook, and even Gmail, they can still regain access by providing friends and recently contacted people.
What this method entails is for you to go through the forgot password feature on the relevant service. Each service is different. Some may send you an email of your password, other will send an SMS to your phone or an alternative email address, or some will get you to answer your secrete question and ask information about where you live. Sometimes, this information is easily guessable, so if you know your target well, it could be easy. If not, you need to perform the next step.

Social Engineering

Social Engineering is a great way to get access to someone’s account. For example, if you try to reset someone’s password for their email account, and their secrete question is “what is your mother’s maiden name” or “what was the first street you lived in”, you can find this out just by talking to them and asking the right question.
Therefore, if you’re not sure what the targets mother’s maiden name is, ask them subliminally. Start by talking to them about something irrelevant, and steer the conversion to their family history and see if you can determine their mother’s maiden name. Do this for the other secrete questions you may have to answer as well. With this step, you have to be careful, as you don’t want them to trigger what you are up to. Once you have the answers you are looking for, just go to the Forgot Password link and you should be able to log in.
The other thing you could do, if you have the skill is to create a phony website that could either look like Facebook or Hotmail, or a site where they can claim something if they enter their username and password. Alternatively, create a site saying, “I can hack someone’s Facebook account for you, just give me your password”. It’s really amazing how many people fall for this tactic.

Steal Their Phone

If your target has their phone lying around, try to get access to it. Usually, people are already logged into their email and Facebook accounts so it should be easy to change their password on their phone. It could be hard to get unlocked access to their phone, but you can prepare by getting a video uploaded onto Facebook, get them to start watching it, and then get them to leave while you continue watching it. Make sure the video doesn’t have sound though, and while they are gone, change their password. They will not know a thing. First, check their account settings on Facebook to ensure notifications are switched off. It’s very risky tactic, unless they lose their phone or you temporarily steal it – provided you know their access code to get onto their phone.

Go on their computer

If you visit their house, ask if you could check your email on their computer. Don’t check your email, but check theirs and change your password. They may derive a conclusion, but you could get short-term access (even if you don’t change their password). If you only need to read or delete their emails, you have plenty of time to do it.
While you are at it, open up their password manager and take a photo of their passwords with their phones. Make sure you know where to find it first so you don’t waste any time looking for the settings. The other thing you can do is install a Keylogger on their computer and get it to send you the logs via email.

Words of Advice

  • Don’t be obvious
  • Cover your tracks so you don’t get caught (if you know how to)
  • Don’t hack someone’s account who is technologically smarter then you
  • Know the system first, especially if the site sends email notifications
  • It’s most likely illegal
Once you’ve gained access to their email account, you can use the password reset feature in other services to send password reset instructions to the email account you now have access too. However, to be slyer, search their emails for passwords first.

Hacking Websites

Hacking a website is different to what is instructed above. To be able to hack websites, you need to know how to code. So if you don’t know how to code, this step will be a lot harder, or impossible for you. Nevertheless, continue to read as you might learn something.
There are many ways you can hack a site:
  • Viewing page source or modifying URL’s
  • Through JavaScript
  • Exploiting their code with injections or including other files
  • Spoofing your information to get what you want such as modifying cookie information, referral data or JavaScript variables
  • Through SQL Injection attacks
  • URL manipulation
  • Uploading of malicious data
  • Cross Site Scripting (XSS)
  • Through cryptography
  • Software cracking
  • and using many more ways
Depending on the site, none, one, more than one, or none of these tactics will work for you. It is all up to the developer of the website and on how good of a coder they are.  For some sites, it could be very easy and for other sites, it could be very difficult. However, here is a very brief overview of some things you can try.

Viewing the page source

By viewing the source of the website, you may able to understand how the code works and what it is doing behind the scenes. It will give you clues on what sort of hacking technique you should try. In some very low secured site, it might even tell you the username and password to login.

JavaScript

If the site uses JavaScript, you maybe be able to change some of the values of the variables to get what you need. If you know JavaScript, just type your code into the web browser like this javascript:alert(“hello”);

SQL Injections

SQL Injections is probably one of the easiest and most effective ways into hacking sites. If you know how SQL statements work, you can easily change it to match your needs. For example, a SQL statement for a PHP based website could be SELECT * FROM USERS WHERE ADMIN = “$username” AND PASSWORD = “$password”;
The PHP variables $username and $password will  be assigned the values the user entered into the username and password textboxes. If the user correctly enters the correct username and password, they query will return a result, thus logging you in. However, instead of entering the username and password, we can inject some SQL and modify the query result. For example, we can enter fdfdfd in the username field, and gdgfd” OR “1″ = “1 in the password field. By doing this, the query will be SELECT * FROM USERS WHERE ADMIN = “fdfdfd ” AND PASSWORD = “gdgfd” OR “1″ = “1″;
This statement will return true because 1 is equal to 1 and will grant us access.
Other possibilities are to try depending on the SQL Query are:
  • ‘ or 1=1–
  • ” or 1=1–
  • or 1=1–
  • ‘ or ‘a’='a
  • ” or “a”=”a
  • ‘) or (‘a’='a

URL Manipulation

Sometimes you can hack a site just by modifying a URL to get what you want. For example, you can change the URL to /admin or /administrator to access the administrator section, or ?accessgroup=2 to 1 to change your permission level. However, all sites are unique and this is just an example.

Spoofing

It’s possible to hack sites through spoofing information. This could be changing your referral data, change your IP address from one country to a different country so you can access services not available in your country, or simply to  change your Cookie information to pretend to be someone else.

Words of Advice

This is only the basics, and there is so much more to learn that I have not covered.

How can I learn to hack?

If after reading this, learning how to hack is something you may find interesting, there is a really good site called Enigma Group that will allow you to practice your skills and practice on realistic scenarios to learn how to be a hacker. So visit the site, register, and see how you can go completing some of the basic skills. Keep in mind; some of them are hard, even for experienced security experts.
So, has your view changed on hacking after reading this? Is it easier or harder than you first thought?

Before you post a comment…

Before you post a comment on this article, please ensure it adds value to the article. Comments requesting help for hacking into someone else’s Hotmail, Facebook, Yahoo accounts etc may be deleted or not answered. This article is a basic guide only, not a request to get people to hack for you.

No comments:

Post a Comment